I can't store the data into MySQL

Question

So I have this form. I would like to store the data into my database. However, it's not and there is no error log. I would really appreciate help, as it's due in 2 days and I've been trying for the past week or so.

<form enctype="multipart/form-data" action="preview.php" method="post" class="f">
                <p>

                <p>
                            <p><label for="name">Teacher's Name:</label>
                                <input type="text" style="font-family:Gloria Hallelujah" size="35" name="name" id="name" autofocus required></p>
                            <p><label for="name">Title:</label>
                                <input type="text" style="font-family:Gloria Hallelujah" size="35" name="title" id="title" autofocus required></p>  
                            <p><label for="done">Done By:</label>
                                <input type="text" style="font-family:Gloria Hallelujah" size="35" name="done" id="done" required></p>
                            <p><label for="no">Class:</label>
                                <input type="text" style="font-family:Gloria Hallelujah" size="15" name="class" id="no" required></p>
                            <p><label for="sch">School:</label>
                                <select name="sch">
                                    <option value="seg">School of Engineering (SEG)</option>
                                    <option value="sit">School of Information Technology (SIT)</option>
                                    <option value="sdn">School of Design (SDN)</option>
                                    <option value="sbm">School of Business Management (SBM)</option>
                                    <option value="shs">School of Health Sciences (SHS)</option>
                                    <option value="scl">School of Chemical & Life Sciences (SCL)</option>
                                    <option value="sidm">School of Interactive and Digital Media (SIDM)</option>
                                </select>

                                            <p><label for="msg">Show your Gratitude! :</label>
                            <textarea class="tarea" maxlength="3000" cols="38.5" rows="6" name="comments" placeholder="Enter Message here..." required></textarea>
                            <p class="limit">Char limit: 3000 chars.</p>
                        </p>

And it goes to preview.php where it is supposed to store the data.

<?php
include "mysqli.connect.php";
include "fbmain.php";

$sql = "INSERT INTO table(teacherName, title, doneBy, studentClass, school, message)VALUES    ('$_POST[name]','$_POST[title]','$_POST[done]','$_POST[class]','$_POST[comments]') where     facebookId = '".$me['id']."'";

e.g. '{$_POST['name']}' but see about sql injection and prepared statements - oh, and that too — Strawberry, Feb 08 '14 at 12:59
Be very careful when using $_POST[name] directly in the sql due to SQL injections http://stackoverflow.com/questions/332365/how-does-the-sql-injection-from-the-bobby-tables-xkcd-comic-work — malta, Feb 08 '14 at 13:02
Tried the '{$_POST['name']}', but doesn't work. I'm not so worried about the SQL injections. — Exclusified, Feb 08 '14 at 13:49

score 0 · Answer 1 · edited May 23 '17 at 12:05

0

INSERT command does not need WHERE clause .

P.S : You are wide open to SQL Injection.

edited May 23 '17 at 12:05

Community

1
1

answered Feb 08 '14 at 13:00

Alireza Fallah

4,609
3
31
57

1

Dear Alireza this is Error Reporter for Mysqli `if (mysqli_connect_errno()) { echo mysqli_connect_error(); exit(); }` – Mahmoud.Eskandari Feb 08 '14 at 13:10
@Exclusified try `echo mysqli_connect_error(); exit();` – Alireza Fallah Feb 08 '14 at 13:13

score 0 · Answer 2 · answered Feb 08 '14 at 13:08

0

('$_POST[name]','$_POST[title]','...

Change to:

('{$_POST[name]}','{$_POST[title]}','...

this is better
see http://ir1.php.net/mysqli_query And check Database And check WHERE structs
You can Display Errors And Fix them By Put this code After Query

if (mysqli_connect_errno()) {
  echo mysqli_connect_error();
  exit();
}

answered Feb 08 '14 at 13:08

Mahmoud.Eskandari

1,460
3
20
32

Changed it, but it didn't work. I tried to display the error also, but there was no error. – Exclusified Feb 08 '14 at 13:20
"Alireza said:" ` where facebookId = '".$me['id']."'` Is invalid Struct For INSERT!!! – Mahmoud.Eskandari Feb 08 '14 at 13:21
It's Bad Problem And i haven't this Source ... maybe Error is for other code's .And i haven't' enough Time ;) – Mahmoud.Eskandari Feb 08 '14 at 13:26

bestprogrammerintheworld · Answer 3 · 2014-02-08T13:23:34.910

0

$_POST[name] isn't the same as $_POST['name'], $_POST[title] isn't the same as $_POST['title'] etc.

Instead of:

$sql = "INSERT INTO table(teacherName, title, doneBy, studentClass, school, message)VALUES    ('$_POST[name]','$_POST[title]','$_POST[done]','$_POST[class]','$_POST[comments]') where     facebookId = '".$me['id']."'";

try

$name = $_POST['name'];
$title = $_POST['title'];
$done = $_POST['done'];
$class = $_POST['class'];
$comments = $_POST['comments'];

$sql = "INSERT INTO table(teacherName, title, doneBy, studentClass, school, message)VALUES    ('{$name}','{$title}','{$done}','{$class}','{comments}') where     facebookId = '".$me['id']."'";

But above is just to get it to work!

It isn't the recommended way of doing this. You should do it with parametized queries... http://forum.codecall.net/topic/44392-php-5-mysqli-prepared-statements/

edited Feb 08 '14 at 13:23

answered Feb 08 '14 at 13:16

bestprogrammerintheworld

5,417
7
43
72

What are the values given into the variables + value of $me['id'] ? – bestprogrammerintheworld Feb 08 '14 at 14:07
Sorry, but I'm very new to PHP. I don't quite understand your question. – Exclusified Feb 08 '14 at 14:25
If you do echo $name; - what does it print to the screen? – bestprogrammerintheworld Feb 08 '14 at 14:35

I can't store the data into MySQL

3 Answers3